Saturday, December 30, 2006

Barbarian Attack

Popular
Science describes how Sebastian Wolfgarten attempted to get around the Great
Firewall of China. "Wolfgarten simply bought a server at a Chinese ISP by
phone. Once the server was set up, he could log into it from Germany. And all
the data that went through the server would be subject to the same digital
censorship that Chinese citizens experience every day." Then Wolfgarten
observed how the firewall worked and then he simply went around and over it.
Here's what he did:

What he discovered was that there are three
fairly simple ways to trick the automatic Chinese censorship system.

The first, and easiest, is to use the anonymous
network Tor. Though there has been some
debate as to whether Tor would work in China, it seems to be successful for
now. Another method, which had been previously identified by researchers with
the OpenNet
Initiative a couple of years ago, involves essentially ignoring censorship
commands sent by Chinese servers. Apparently the Great Firewall censors data
by responding to forbidden key words with a network command called a
"reset." The reset instructs the Chinese computer to drop its
connection. The hitch is that the data is still coming in, but injected with
the "reset" command. Program your own firewall to ignore
"reset" commands and you've got uncensored data. Crafty
anti-censorship types in China can also get uncensored data by doing something
called "tunnelling," which seems particularly appropros when dealing
with a Great Firewall. Wolfgarten tested what happened when he hid requests
for "Falun Gong" inside seemingly-innocuous requests for e-mail or
basic network information. A computer outside the Wall unwraps the requests,
gets the data, rewraps them and returns them to China uncensored.

Update

Here's an amusing link to how you can travel in your own ECM bubble to keep RFID-tagged items, including credit cards from being read.

8 Comments:

Anonymous said...

Wretchard wrote, "Wolfgarten tested what happened when he hid requests for 'Falun Gong' inside seemingly-innocuous requests for e-mail or basic network information. A computer outside the Wall unwraps the requests, gets the data, rewraps them and returns them to China uncensored."

Microsoft and Google have shut down blogs or set them up to censor key words such as "Falun Gong" (which is almost as dangerous as uttering the "N" word in America) because those companies values are centered around profit, and the ChiCom government have deeper pockets than dissidents in China. The never-ending war between music and movie studio giants and file-sharers has resulted in the evolution of Freenet, but this same tool that makes Chinese dissidents anonymous also facilitates drug trades and child porn.

The problem for the Chinese government isn't whether it is possible for someone to circumvent the Great Firewall of China. It is whether it can be circumvented easily by someone with very little technical saavy.

From my perspective, the reason for having any kind of fortification, electronic or otherwise, is to increase the difficulty of going from Point A to Point B -- not necessarily to keep all traffic out.

The Chinese government achieves its fundamental aims if a tiny minority of Chinese nerds can get unfiltered information while the vast majority of Chinese people are too lazy, preoccupied, tired, or poor to go to the effort of getting past Chinese censorship.

It is the ease of use of any circumvention of Chinese censorship that matters. And this sets into play a predator-prey relationship between the censors and the anti-censors over how prevalent censorship-evading software will be.

The Chinese are very lucky that Motorola blew it with the Iridium satellite communciations system. The company recognized that they could not tolerate a prohibition on the system within countries such as the PRC and Russia, so they brought them onboard as franchise operators and purchased launches from those countries instead of just using US vehicles or Arianespas. Well, surprise! Governments rooted in non-market economies knew considerably less than squat about being commercial operating partners. They did no marketing in those countries.

Then they made some technical errors that were whoppers. Instead of a cellphone-style ease of operation users had to set up a little remote satellite communcations terminal very time they wanted to make a call. Not a problem for the military, who expect to have to do that, but a businessman wanting to call the head office does not want to fool with that kind of thing. Then they limited the bandwith to that suitable for voice comm only - and thus made it useless for Internet communications. They further screwed up by charging too much both for the portable equipment and the per-call rate. The result was a system of use to the military and just about no one else.

Without these screw-ups, the PRC's Internet firewall would be all but useless, as anyone who wanted to linked to the rest of the world - including the rest of China - via low Earth orbit.

Want to liberalize China? Build an Iridium-style system designed for the Internet.

Alexis,You're right. As long as it works to keep 99% of users in line, the system works.

And as far as the ones who do manage to evade censorship, they have no way of knowing if the methods they use to evade censorship just make them stand out to the secret police. By their evasion, they finger themselves as intelligent, technically-savvy and rebellious. They finger themselves as just the kind of people which the next rebellion would contain as leaders or technical facilitators. It fingers them as people who need to be "disappeared" at the first sign of unrest